Here's (Possibly) the Whole Truth About How PRISM Works

There's been a lot of mystery surrounding how, exactly, the National Security Agency's top secret PRISM program actually works. And now, thanks to a new report from the Associated Press, we have the biggest and broadest understanding of how our government is spying on foreign operatives, and on Americans, and really the entire Internet. 

This article is from the archive of our partner .

There's been a lot of mystery surrounding how, exactly, the National Security Agency's top secret PRISM program actually works. And now, thanks to a new report from the Associated Press, we have the biggest and broadest understanding of how our government is spying on foreign operatives, and on Americans, and really the entire Internet.

The new Press report paints the best picture of how the PRISM program grew out of post-9/11 lawmaking and became the broad government surveillance project it is now. In 2008, Congress approved amendments to FISA allowing, among other things, the government to conduct warrantless wiretaps of electronic communications, contingent upon judicial approval. Several subsequent votes have extended those powers, and President Obama and his administration defended the oversight by secret courts. As disclosed in slides leaked by former contractor Edward Snowden to the Guardian, the NSA collects data on foreign nationals from the fibre optic wires that carry most of the Internet's data from servers in the U.S. and beyond. That means they scoop up "emails, telephone calls, video chats, websites, bank transactions and more," the AP explains. But ever since the world was keyed into PRISM's existence, we've seized any explanation, any morsel of information that tells us what this program does, doesn't do, or only maybe possibly occasionally does. We still have very little idea. But, thanks to this report, we have the clearest definition of PRISM's function for NSA spying yet:

Prism, as its name suggests, helps narrow and focus the stream. If eavesdroppers spot a suspicious email among the torrent of data pouring into the United States, analysts can use information from Internet companies to pinpoint the user.

With Prism, the government gets a user's entire email inbox. Every email, including contacts with American citizens, becomes government property.

Once the NSA has an inbox, it can search its huge archives for information about everyone with whom the target communicated. All those people can be investigated, too.

That's one example of how emails belonging to Americans can become swept up in the hunt.

The Press report also illuminates the process in which the NSA requests user information from the major tech companies who unknowingly participated in PRISM for years:

Every year, the attorney general and the director of national intelligence spell out in a classified document how the government plans to gather intelligence on foreigners overseas.

By law, the certification can be broad. The government isn't required to identify specific targets or places.

A federal judge, in a secret order, approves the plan.

With that, the government can issue "directives" to Internet companies to turn over information.

While the court provides the government with broad authority to seize records, the directives themselves typically are specific, said one former associate general counsel at a major Internet company. They identify a specific target or groups of targets. Other company officials recall similar experiences.

Facebook and Microsoft were the first to release broad information about government information requests, including those under FISA, on Saturday morning. The major companies accused of cooperating with the program all claimed innocence in the wake of PRISM's unveiling. They claimed to have no knowledge of a program called PRISM. But that's because they had been cooperating with the program since before it was ever given a fancy new title. When Google and Facebook and Microsoft started granting both top-secret and transparent requests for information from the government, activity that skyrocketed after 9/11 and has only increased since, they were already participating in the PRISM program. "What the NSA called Prism, the companies knew as a streamlined system that automated and simplified the "Hoovering" from years earlier," a source told the AP. "The companies, he said, wanted to reduce their workload. The government wanted the data in a structured, consistent format that was easy to search." But the myth put forward byt he slides leaked to the Guardian about the NSA having "direct access" to tech company servers is largely false. As has been explained since PRISM's reveal, different tech companies have different delivery methods for the information seized by the NSA. "Technology experts and a former government official say that phrasing, taken from a PowerPoint slide describing the program, was likely meant to differentiate Prism's neatly organized, company-provided data from the unstructured information snatched out of the Internet's major pipelines," the Press explains. The bad news is that, yes, American email accounts are occasionally included in the NSA's broad sweeping of the fibre cables and information dumped from the tech companies. The good news is that any information identified as belonging to an American is stored in a secure server the NSA isn't allowed to touch without a warrant. The AP explains:

The government has said it minimizes all conversations and emails involving Americans. Exactly what that means remains classified. But former U.S. officials familiar with the process say it allows the government to keep the information as long as it is labeled as belonging to an American and stored in a special, restricted part of a computer.

That means Americans' personal emails can live in government computers, but analysts can't access, read or listen to them unless the emails become relevant to a national security investigation.

The government doesn't automatically delete the data, officials said, because an email or phone conversation that seems innocuous today might be significant a year from now.

So, when the NSA collects American communications, they store it in a special place just on the off chance you are one day wrapped up in a national security investigation. It's like the broadest insurance policy ever. It's the ultimate investigative what if. And it's all 100 percent legal. If you have the time, you should take the time to read the full Associated Press report. It's one of the most comprehensive and balanced reports about the NSA program since the scandal broke.

This article is from the archive of our partner The Wire.